Ilch CMS version 2.0 suffers from a cross site scripting vulnerability.
e2683c27062711597a9df12371bd0a7a61ee067fc0a9b7f5df5d8be3c8b6ab3aHP Security Bulletin HPSBMU02933 2 - A potential security vulnerability has been identified with HP SiteScope's loadFileContents SOAP features. The vulnerabilities could be exploited to allow remote code execution, arbitrary file download and Denial of Service (DoS). Revision 2 of this advisory.
3c3fce58d5871296d934c5747bd58def4b2b1e55206ab989526989592b9fe1e7WordPress Barclaycart plugin suffers from a remote shell upload vulnerability.
58557ff12c73e8f77acc73b1a87e158e79d958922d12cc5281635607469e186fHP Security Bulletin HPSBHF02965 - A potential security vulnerability has been identified with HP Security Management System. The vulnerability could be remotely exploited to allow remote execution of arbitrary code. Revision 1 of this advisory.
ae08851a091ce91f4446b016984fbb54e3bc089782556844186d6daebd7da8e8Open Supports version 2.0 suffers from a remote blind SQL injection vulnerability.
39c5d73c086e0f1c416ae0a90a2bcacc48e025ded4b414d20ccc44a07c834ba1HP Security Bulletin HPSBUX02973 SSRT101455 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
1a9c8dd06ec0e2350e96252f75e11349bc19404195d5b099e09ef1a50df08f42HP Security Bulletin HPSBUX02972 SSRT101454 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
99259d174eecc0f00a31bfe3c271ae58f0bc9f924a4cf092a8c6f2d23e24da32PHP suffers from a user session hijacking vulnerability due to the way sessions are handled on the filesystem.
24a591c0d3dcd52cc5ebd27e0fa5e2ca669141ab9ce9ec505ab5e11991b150d3SFR ADSL/Fiber BOX version NB6-MAIN-R3.3.4 suffers from 39 cross site scripting vulnerabilities.
961daed8a9749ebb2b59813783d112dd418b4d19e5ea17054f90aa7c8fc1c761Gentoo Linux Security Advisory 201403-1 - Multiple vulnerabilities have been reported in Chromium and V8, worst of which may allow execution of arbitrary code. Versions less than 33.0.1750.146 are affected.
6fa193b11bae1a8711011022a473afc87d63e850dbd09992219cf1b7d49ec730ipset-bash-completion is programmable completion code for the bash shell, to support the ipset program (netfilter.org). It allows you to interactively retrieve and complete options, commands, set names, types, and members.
f8a99f1f281854c1e5c01b4aa59859cf3de9cee3bc2e9126bb0e069789075473Glambombworld PHP Clone Script suffers from a header injection vulnerability. Warning: viewing the demo site is not safe for work.
f57354df099e3a205d21612ed8b2299b04739e5da4e01ed5c8497b9926512e92This Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off. This Metasploit module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead of three separate binaries in the standard technique. However, it requires the correct architecture to be selected, (use x64 for SYSWOW64 systems also).
2af1863cdb30bfd4736972507c329a2bdd36de75f1f53ed9dba7e1b9c141c5d9This Metasploit module exploits a stack-based buffer overflow vulnerability in ALLPlayer 2.8.1, caused by a long string in a playlist entry. By persuading the victim to open a specially-crafted .M3U file, a remote attacker could execute arbitrary code on the system or cause the application to crash. This Metasploit module has been tested successfully on Windows 7 SP1.
3024048d0a34139924bf86ad54652b2205faa11b7eda9905b10fe7256e77bd1eRed Hat Security Advisory 2014-0249-01 - PostgreSQL is an advanced object-relational database management system. Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.
3787b02c2694cb97d3e446074a2140a66abbac75c5b4d76794db3b0e7791e13fUbuntu Security Notice 2127-1 - Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly handled certificate verification functions. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited with specially crafted certificates to view sensitive information.
d993f7ca19f48ae97e6efa1f068cac1e38adac6d808387d1c7002cb567aff191Cordova File-Transfer iOS plugin from Cordova versions 2.4.0 to 2.9.0 and Cordova File-Transfer iOS standalone plugin (org.apache.cordova.file-transfer) versions 0.1.0 to 0.4.1 suffers from file-transfer insecure default settings.
d06bcc2c1a60bed13d3d16b9c58407e36f9a922e09a29f8737855698ce7ee2a3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed